Търсене в помощните статии

Избягвайте измамите при поддръжката. Никога няма да ви помолим да се обадите или изпратите SMS на телефонен номер или да споделите лична информация. Моля, докладвайте подозрителна активност на "Докладване за злоупотреба".

Научете повече

thunderbird asks me to confirm ssl-certificate exception, even though the domain its showing me shouldnt be used

  • 3 отговора
  • 1 има този проблем
  • 6 изгледи
  • Последен отговор от david

more options

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

Всички отговори (3)

more options

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

more options

david said

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

But what is the purpose to validate tld.com? What exactly is thunderbird trying to find there? It only needs to connect to imap.tld.com / smtp.tld.com, no?

If i kill the process while its asking for an exception and start thunderbird again, it doesnt ask me to make a security exception anymore and i can send/receive emails normally.

Is it maybe trying to connect there to find caldav or something while initializing the account?

more options

TB isn't trying to 'find' anything; it's just standard protocol in internet connectivity to put domain name authentication over subdomain authentication because domain name servers track domains, not subdomains.